Yu Ding (丁羽)

Staff Security Research Scientist
X-Lab
Baidu USA
CV

About

  • I am a staff security research scientist at X-Lab of Baidu USA and I'm working with Lenx.
  • I received my Ph.D Degree in Computer Security from Peking University in July 2016 and Bachelor degree in Computer Science from Peking University in July 2010.
  • I'm the core designer and developer of the Rust-SGX and MesaTEE project. For additional support, please contact me at rustsgx@gmail.com
  • Looking for opportunities!
  • Research Interests

    My research interests include software security and system protection. I'm writing some blog articles about my thoughts on Intel SGX.

    Stargazer map of rust-sgx-sdk (as of Oct-16-2019, geolocation heatmap by 376 out of 663 stargazers)

    Star History of famous SGX frameworks

    Recent Talks/Presentations

  • Mission Impossible: Steal Kernel Data from User Space on Defcon China'19
  • MesaTEE SGX: Redefining AI and Big Data Analysis with Intel SGX on Microsoft Bluehat'19[Slides]
  • Build a Secure and Trusted Framework in Rust on RustCon Asia'19
  • Oh No! KPTI Defeated, Unauthorized Data Leakage is Still Possible on BlackHat Asia 2019
  • Memory Safe * on OS2ATC'18
  • Bringing Intel SGX to the Rust Ecosystem on RustFest'18 [video]
  • 借助Intel SGX技术进行安全的机器学习 on QCon Beijing'18
  • Towards Memory Safety in Intel SGX Enclave [video inside] on QCon San Francisco'17
  • Invited talks on rust-sgx-sdk and rust-sgx-sdk based solution on iDash'17 competition[talk1][talk2]
  • Open Source Projects

  • Rust SGX SDK: Developing Intel SGX Enclaves in Rust
  • Easy-to-use MD5 Chosen-Prefix Collisions generator (CUDA supported)
  • dftwin: high performance dynamic data flow tracking on windows
  • Donation is welcome at Bitcoin wallet 1HmzyGeF2E9GFnRmgnGFAmuMwPTogJAhVj
    Thanks for your donation!

    Publications

    1. Towards Memory Safety for Enclave Programs with Rust-SGX (Full paper) [PDF]
      Huibo Wang, Pei Wang, Yu Ding, Mingshen Sun, Yiming Jing, Ran Duan, Long Li, Yulong Zhang, Tao Wei, Zhiqiang Lin
      To appear in ACM CCS'19, London, UK. Acceptance Rate = 73/724
    2. Rust SGX SDK: Towards Memory Safety in Intel SGX Enclave [PDF]
      Yu Ding, Ran Duan, Long Li, Yueqiang Cheng, Yulong Zhang, Tanghui Chen, Tao Wei
      Proceedings of the 24th ACM SIGSAC Conference on Computer and Communications Security. DOI:10.1145/3133956.3138824
    3. SQL Injection Prevention Based on Sensitive Characters [PDF]
      Huilin Zhang, Yu Ding, Lihua Zhang, Lei Duan, Chao Zhang, Tao Wei, Guancheng Li, Xinhui Han
      Journal of Computer Research and Development (2016) 53(10). DOI:10.7544/issn1000-1239.2016.20160443
    4. Accurate and Efficient Exploit Capture and Classification [PDF]
      Yu Ding, Tao Wei, Hui Xue, Yulong Zhang, Chao Zhang, Xinhui Han
      Science China Information Science (2017) 60: 052110. doi:10.1007/s11432-016-5521-0
    5. VTrust: Regaining Trust on Virtual Calls [PDF]
      Chao Zhang, Scott Carr, Tongxin Li, Yu Ding, Chengyu Song, Mathias Payer, Dawn Song
      In Proceedings of the 2016 Network and Distributed System Security Symposium (NDSS)
    6. Classifying Downloaders [PDF]
      Yu Ding, Liang Guo,Chao Zhang, Yulong Zhang, Hui Xue, Tao Wei, Yuan Zhou, Xinhui Han
      In Proceedings of 36th IEEE Symposium on Security and Privacy (Poster)
    7. SIPD: a practical SDN-based IP spoofing defense method [PDF]
      Chen Li, Yu Ding, Tongxin Li, Jun Li, Xinhui Han
      In 2016 Distributed Systems Security Symposium (NDSS) (Poster)
    8. PHPGate: A Practical White-Delimiter-Tracking Protection against SQL-Injection for PHP [PDF]
      Lihua Zhang, Yu Ding, Chao Zhang, Lei Duan, Zhaofeng Chen, Tao Wei, Xinhui Han,
      In Proceedings of 24th USENIX Security Symposium (Poster)
    9. AdHoneyDroid: Capture Malicious Android Advertisements [PDF]
      Dongqi Wang, Shuaifu Dai, Yu Ding, Tongxin Li, Xinhui Han,
      In Proceedings of 21st ACM Conference on Computer and Communications Security (Poster)
    10. Attack and Defense the OAuth based SSO systems [PDF]
      Jianjun Ye, Yu Ding, Tongxin Li, Huilin Zhang, Xinhui Han,
      In 2014 Annual Computer Security Applications Conference (Poster)
    11. Unider: Exploit Attack Emulator Armed with State-of-Art Exploit Techniques (Poster Session) [PDF]
      Yu Ding, Chao Zhang, Tao Wei
      In the Network and Distributed System Security Symposium (NDSS) , San Deigo, CA, Feb 2014.
    12. Android Low Entropy Demystified [PDF]
      Yu Ding, Zhuo Peng, Yuanyuan Zhou, Chao Zhang
      In IEEE International Conference on Communications (ICC) , Sydney, Australia, June 2014.
    13. A Framework to Eliminate Backdoors from Response Computable Authentication. [PDF]
      Shuaifu Dai, Tao Wei, Chao Zhang, Tielei Wang, Yu Ding, Wei Zou, Zhenkai Liang.
      In the 33rd IEEE Symposium on Security and Privacy (Oakland), San Francisco, CA, May 2012.
    14. Heap Taichi: Exploiting Memory Allocation Granularity in Heap-Spraying Attacks. [PDF]
      Yu Ding, Tao Wei, Tielei Wang, Zhenkai Liang, Wei Zou.
      In the 25th Annual Computer Security Applications Conference (ACSAC), Austin, TX, Dec. 2010.
    15. A Summary of Software Classification/Taxonomy Techniques [PDF]
      Yu Ding, Wei Zou, Tao Wei
      In The 5th Conference on Vulnerability Analysis and Risk Assessment (VARA), Shanghai , China, Dec. 2012
    16. Applying Cloud Computing Techniques in Information Security Research [PDF]
      Wei Zou, Yu Ding, Xinhui Han, Wenhan Yang
      In Communications of the CCF, Vol 8, No. 7, July 2012

    Resources

  • Computer Security Conference Ranking List maintained by Prof. Guofei Gu.
  • Computer Security & Privacy Journal List by Microsoft Academic Search.

    Experience

  • NDSS'13 external reviewer
  • S&P'13 external reviewer
  • AsiaCCS'13 external reviewer
  • Science China Volume F reviewer
  • S&P'16 external reviewer
  • AsiaCCS'16 external reviewer
  • IEEE Transactions on Information Forensics and Security (TIFS) external reviewer
  • IEEE Transactions on Knowledge and Data Engineering (TKDE) external reviewer
  • Software: Practice and Experience (SPE) external reviewer

  • Last update, July 24th, 2019.
    hit counter html